Abstract — Elliptic Curve Cryptography (ECC) provides a secure
means of key exchange between communicating nodes using the
Diffie-Hellman (DH) Key Exchange algorithm. This work
presents an ECC encryption implementation using the DH
key exchange algorithm. Both encryption and decryption of text
messages using this algorithm have been attempted. In ECC,
encoding is carried out by mapping a message character to an 
affine point on an elliptic curve. It can be observed from the 
comparison of the proposed algorithm and Koblitz's encoding 
method, that the proposed algorithm is as secure as Koblitz's 
encoding method and the proposed algorithm has less 
computational complexity as the encoding phase is eliminated 
altogether. Hence, energy efficiency of the crypto system is 
improved and the same can be used in resource constrained 
applications, such as Wireless sensor networks (WSNs). It is 
almost infeasible to attempt a brute force attack. The security 
strength of the algorithm is proportional to the key length. 
However, any increase in the key length results in more 
communication overhead due to encryption. 

Index Terms— ECC, EC-DH, Koblitz encoding 

I. Introduction 

Wireless Sensor Networks (WSNs) have been finding their
applications in various diversified fields ranging from 
commercial and industrial to military areas. In certain WSN 
applications, while the WSN data is transiting towards the 
base station (BS) using multi-hop connectivity comprising of 
wireless communication links among the nodes, the same 
data need to be sent in a secure manner. To meet this 
security requirement, the data need to be encrypted prior to 
its transmission by the sending node and the same cipher 
messages need to be decrypted upon reception by the receiving 
node. The same encryption and decryption can be achieved 
by adopting either symmetric key cryptographic (SKC) or 
public key cryptographic (PKC) algorithms. In SKC, the same 
key needs to be shared between the sender and the receiver 
beforehand. Each node, in the multi-hop communication path, 
needs to store the corresponding keys of all of its neighboring 
nodes. In order to provide better security, a PKC algorithm
such as the RSA algorithm is widely used in most of the
products and standards. However, in WSN applications, the
RSA algorithm cannot be used due to the computational
and energy constraints of the constituent nodes. Elliptic Curve
Cryptography (ECC) is ideal for environments such as smart
cards and WSNs [2], [3].

ECC offers a performance advantage at higher security levels
[6]. The principal advantage of ECC compared to RSA is
that it offers better security at reduced key sizes, as shown in
Table I, thereby reducing processing overheads [7], [8]. ECC
makes use of elliptic curves (ECs), in which the variables and
coefficients are all restricted to the elements of a finite field.
Moreover, because of the apparent hardness of the underlying
elliptic curve discrete logarithm problem (ECDLP) [4], [5],
ECC systems are also well suited for applications requiring
security that needs to last longer. Each user taking part in
public key cryptography uses a pair of keys: a public key and
a private key [9]. Only that particular user knows the private
key, whereas the public keys are distributed among all the
users intending to communicate. Some public key algorithms
may require a set of predefined constants to be known by all
the devices taking part in the communication. In ECC, these
predefined constants are also called domain parameters. An
understanding of ECC needs a mathematical background on
ECs [4].

Table I. ECC and RSA comparison

ECC key length    RSA key length
160               1024
[illegible]       2048
256               5072
[illegible]       7680


$y^2 = x^3 + ax + b$, (1)

where $4a^3 + 27b^2 \neq 0$.

Let E(a, b) be the set consisting of all the points (x, y) satisfying
equation (1), together with the element at infinity. A group
can be defined based on the set E(a, b) for specific values
of a and b. The heart of ECC is the discrete logarithm problem,
ECDLP, which can be stated as follows: it is computationally infeasible
to find the value k such that Q = kP, where P and Q are
known points on the elliptic curve. However, it should be
relatively easy to find Q when k and P are known. The first
part of the algorithm is the generation of public and private keys by
both parties participating in the communication. Both
users should select a random base/generator public
point, G, on the elliptic curve, whose order is a prime, P. Each
user generates a random secret integer less than the order of
G. The public key of a particular user is the scalar multiplication
of the user's secret integer and the generator point. The next
phase is sharing a key using the Diffie-Hellman algorithm, which
provides secure key exchange. Finally, the message is hidden
using this key and thus the message is encrypted. The rest
of the paper is organized as follows: Section II presents the
algorithm description of the proposed algorithms, Section III
provides an implementation of the proposed algorithms,
Section IV gives a comparison of the proposed algorithm
and Koblitz's method and Section V gives conclusions.
II. Algorithm Description

The equation defining an elliptic curve over a finite field, 
called Galois field, GF(p) [4], is as follows: 

$y^2 \bmod p = (x^3 + ax + b) \bmod p$, (2)

where $4a^3 + 27b^2 \neq 0$, $(x, y) \in GF(p)$ and a, b are integers
< p. An elliptic curve E over GF(p) consists of the solutions
(x, y) defined by equation (2), along with an additional element
called O, which is the point at infinity, a point on the EC. The
basic elliptic curve operations are point addition and point
doubling. ECC primitives require scalar point multiplication. Given
a point P(x, y) on an EC, one needs to compute kP, where k
is a positive integer. This is achieved by carrying out a series
of doubling and addition operations over P.
Example:

If k = 23, then $kP = 23 \times P = 2(2(2(2P) + P) + P) + P$.
The doubling and addition operations are carried out
depending on a sequence of operations determined for k.
Public keys are generated using scalar multiplication of private
keys with the generator point, which makes use of a series of
doubling and addition operations.
Notation used

1. G is a generator point with prime order m [10].

2. Key pair {P, n}, where P is a public key, $P = n \times G$, and n
is the private key, n < m.

3. User Alice - $U_{Alice}$ and user Bob - $U_{Bob}$.

4. $\oplus$ is the X-OR operation.

5. L - the number of bits in the message to be sent at a time:

$L = [\log_2(\text{message}) + 1]$, $V_1 = V \bmod 2^L$ (first L bits)

A. Correctness

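$P_{Bob} = n_{Bob} \times G$ (3)

$P_{Alice} = n_{Alice} \times G$ (4)

$n_{Alice} \times P_{Bob} = n_{Alice} \times n_{Bob} \times G = n_{Bob} \times P_{Alice} = S$ (5)

$\text{Cipher} = x_s \oplus \text{Message}$ (6)

$x_s \oplus \text{Cipher} = x_s \oplus x_s \oplus \text{Message} = \text{Message}$ (7)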

Encrypting a message in the point plays an important role in 
the security of the algorithm. 

Algorithm 1 ALGORITHM WITH SIMPLE ENCRYPTION

1. Key Generation

A. Begin

B. Initiate the connection between users, $U_{Alice}$ and $U_{Bob}$.

C. $U_{Alice} = (P_{Alice}, n_{Alice})$ is the pair for $U_{Alice}$.
$U_{Bob} = (P_{Bob}, n_{Bob})$ is the pair for $U_{Bob}$.

D. $U_{Bob}$ sends the point $P_{Bob}$ to $U_{Alice}$. Similarly $U_{Alice}$
sends $P_{Alice}$ to $U_{Bob}$.

2. Encryption: Hiding

E. $U_{Alice}$ computes the point $n_{Alice} \times P_{Bob} = S$.
Let $S = (x_s, y_s)$.
$U_{Alice}$ calculates $\text{Cipher} = x_s \oplus \text{Message}$.
$U_{Alice}$ sends the cipher to $U_{Bob}$.

3. Decryption

F. $U_{Bob}$ computes the point $n_{Bob} \times P_{Alice}$, which is the same as the
point $S = (x_s, y_s)$. Finally $U_{Bob}$ decrypts the message using
$\text{Message} = x_s \oplus \text{Cipher}$.
Algorithm 2 ALGORITHM WITH COMPLEX ENCRYPTION

1. Key Generation

A. Begin

B. Initiate the connection between users, $U_{Alice}$ and $U_{Bob}$.

C. $U_{Alice} = (P_{Alice}, n_{Alice})$ is the pair for $U_{Alice}$.
$U_{Bob} = (P_{Bob}, n_{Bob})$ is the pair for $U_{Bob}$.

D. $U_{Bob}$ sends the point $P_{Bob}$ to $U_{Alice}$. Similarly $U_{Alice}$ sends
$P_{Alice}$ to $U_{Bob}$.

2. Encryption: Hiding

E. $U_{Alice}$ computes the point $n_{Alice1}(P_{Bob1}) = S_1$ and let $S_1 = (x_{s1}, y_{s1})$;
$n_{Alice2}(P_{Bob2}) = S_2$. Let $S_2 = (x_{s2}, y_{s2})$.

F. $U_{Alice}$ calculates the distance between $S_1$ and $S_2$. Let it
be D.

G. $U_{Alice}$ calculates $V_1 = x_{s1}$ and
$V_2 = x_{s2}$. $\text{Cipher} = V_1 \oplus V_2 \oplus \text{Message}$.

H. $U_{Alice}$ sends the cipher to $U_{Bob}$.

I. For the next session, Alice changes the values to
$V_1 = V_1 + D$, $V_2 = V_2 + D$.

3. Decryption

J. $U_{Bob}$ computes the points $S_1$ and $S_2$.

K. $U_{Bob}$ calculates $V_1 = x_{s1}$ and $V_2 = x_{s2}$.

L. Finally, $U_{Bob}$ decrypts the message
using $\text{Message} = V_1 \oplus V_2 \oplus \text{Cipher}$.

M. For the next session, Bob changes the values to
$V_1 = V_1 + D$, $V_2 = V_2 + D$.

III. Implementation of the Proposed Algorithm 

After defining the EC parameters, we can select a base point
G. G has (x, y) coordinates satisfying equation (2). The
base point has the smallest x, y values which satisfy the
elliptic curve EC. The ECC method requires that we select a
random integer k, which needs to be kept secret. Then, kG is
evaluated by a series of addition and doubling operations,
as discussed. For the purpose of this discussion, consider
the source as host Alice and the destination as host Bob.
The private key of host Bob is selected and it is $n_{Bob}$.
Bob's public key is computed using $P_{Bob} = n_{Bob} \times G$. Similarly,
Alice also computes her public key, $P_{Alice} = n_{Alice} \times G$, and both
of these public keys are exchanged and a secret point, S, is
computed by both independently.

A. Simple Encryption 

Suppose Alice wants to encrypt and transmit a character
to Bob. Assume that host Alice wants to
transmit the character 'C'. Then the ASCII value of the character
'C' is used to modify the secret point, thereby encrypting
the message into the secret point. The encryption
process is the X-OR operation between the first n bits of the
x-coordinate of a secret point, S, and the message to be transmitted,
where n is the number of bits in the message. Simple encryption
is illustrated in Fig. 1.

The elliptic curve is

$y^2 \bmod 1021 = (x^3 - 3x + 16) \bmod 1021$ (8)

The base point G is selected as (4, 33). The base point implies
that it has the largest order and smaller x, y coordinates
satisfying the EC equation. The order of G is m = 1058. $n_A = 83$
and $n_B = 127$. $P_B = 127(4, 33) = (900, 460)$. The secret point is
$S = n_A \cdot P_B = 83(900, 460)$. L = 8 bits in the message. Therefore,
$x_s = 190 = 10111110$.
Figure 1: Simple encryption

SIMPLE ENCRYPTION
Encryption:

Plaintext character 'C'; its ASCII value is 67.
Therefore, Message = 67 = 01000011.
Cipher = $x_s \oplus$ Message = 01001000 = 72 = H
Decryption:

Cipher = H = 01001000. Message = $x_s \oplus$ Cipher = 01000011 = C.
Table II provides the cipher values for the sample message
"DECIPHER" using the simple encryption technique.

Table II. Simple Encryption

[Table II: cipher values for each character of the message "DECIPHER"; cell values not recoverable]



$D = ((152 - 11)^2 + (422 - 126)^2)^{1/2} = 327 = 101000111$
$D = 71 = 01000111$
$V_1 = x_{s1} = 11 = 00001011$
$V_2 = x_{s2} = 152 = 10011000$

Fig. 2 illustrates the complex encryption method.
Figure 2: Complex Encryption

Encryption:

Plaintext character is 'C'; its ASCII value is 67.
Therefore, Message = 67 = 01000011

Cipher = $V_1 \oplus V_2 \oplus$ Message = 11010000 = 208

Decryption:

Cipher = 11010000

Message = $V_1 \oplus V_2 \oplus$ Cipher = 01000011 = C

For the next session,

$V_1 = V_1 + D = 11 + 71 = 82 = 01010010$

$V_2 = V_2 + D = 152 + 71 = 223 = 11011111$.

The elliptic curve as shown in Fig. 3 is

$y^2 \bmod 487 = (x^3 - 5x + 25) \bmod 487$ (10)

G = (0, 5), order m = 825.
B. Complex Encryption

The elliptic curve is

$y^2 \bmod 487 = (x^3 - 5x + 25) \bmod 487$ (9)

G = (2, 5). Suppose $n_{Alice1} = 63$, $n_{Alice2} = 93$, $n_{Bob1} = 71$, $n_{Bob2} = 53$.
$P_{Alice1} = 63 \times G = (139, 347)$,
$P_{Alice2} = 93 \times G = (486, 121)$,
$P_{Bob1} = 71 \times G = (302, 57)$ and
$P_{Bob2} = 53 \times G = (176, 76)$.

According to the algorithm, $S_1 = (x_{s1}, y_{s1}) = (11, 422)$ and $S_2 =
(x_{s2}, y_{s2}) = (152, 126)$.

The distance between these points, $S_1$ and $S_2$, is computed
Figure 3: Elliptic curve, E: $y^2 = x^3 - 5x + 25$

Table III. Complex Hiding

[Table III: cipher values for each character of the message "DECIPHER"; cell values not recoverable]
Suppose $n_{A1} = 41$, $n_{A2} = 79$, $n_{B1} = 32$, $n_{B2} = 68$.

$P_{A1} = 41 \times G = (345, 334)$,

$P_{A2} = 79 \times G = (104, 183)$,

$P_{B1} = 32 \times G = (25, 261)$,

$P_{B2} = 68 \times G = (295, 340)$.
Shared keys, $S_1 = (25, 226)$ and $S_2 = (265, 264)$.
From the shared keys, $S_1$ and $S_2$,
$V_1 = 00011001 = 25$, $V_2 = 00001001 = 9$.
The distance, $D = ((25 - 265)^2 + (226 - 264)^2)^{1/2} = 243$.

A sample sequence of characters "DECIPHER" is sent.
The complex hiding method is illustrated in Table III with an
example using a series of characters "DECIPHER". The
encryption of each character involves two 8-bit addition and
two 8-bit X-OR operations. The time elapsed for encryption of a
single character or 8-bit data, implemented in MATLAB, is
0.000008 seconds. Therefore, the CPU time elapsed for
encryption of the message DECIPHER is 8 × (0.000008)
= 0.000064 seconds.

The complex encryption method typically consumes more
power when compared with the simple encryption method,
but less than any of the other ECC encryption techniques
which make use of an additional encoding process. An example
of such an algorithm is ECC encryption using Koblitz's method
of encoding [1]. Complex encryption of a message provides
the algorithm with efficient security. It is almost infeasible to
attempt a brute force attack. Since encryption involves only XOR
operations, it consumes less computational time and power while
providing efficient security.
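The following Python sketch is an added example, not the paper's MATLAB implementation: it carries out the double-and-add scalar multiplication of Section II on the curve of equation (8), then the complex-hiding X-OR and session update with the worked values V_1 = 11, V_2 = 152, D = 71. The function names, the curve-membership check on the peer's point, the integer floor in the distance and the reduction of the updated values to L bits are assumptions of this example.

```python
from math import isqrt
P_MOD, A, B = 1021, -3, 16  # eq. (8): y^2 = x^3 - 3x + 16 (mod 1021)
G = (4, 33)                 # base point given in the paper
INF = None                  # point at infinity O

def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def add(p1, p2):
    """Affine point addition; also covers doubling and the point O."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # P + (-P) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def scalar_mult(k, pt):
    """Left-to-right double-and-add, the chain shown for k = 23."""
    acc = INF
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def shared_point(n_own, p_peer):
    """ECDH step S = n_own * P_peer; refuses a peer point off the curve."""
    if p_peer is INF or not on_curve(p_peer):
        raise ValueError("peer public key is not a point on the curve")
    return scalar_mult(n_own, p_peer)

def truncate(v, L=8):
    return v % (1 << L)  # V mod 2^L from the notation list

def distance(s1, s2):
    # Assumption: integer floor of the Euclidean distance (gives D = 327)
    return isqrt((s1[0] - s2[0]) ** 2 + (s1[1] - s2[1]) ** 2)

def hide(message, v1, v2, L=8):
    """Cipher = V1 xor V2 xor Message; the same call recovers Message."""
    return truncate(v1, L) ^ truncate(v2, L) ^ message

def next_session(v1, v2, d, L=8):
    # Assumption: updated values are reduced to L bits like the others
    return truncate(v1 + d, L), truncate(v2 + d, L)
```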

IV. Comparison 

A. Time and Power consumption 

ECC encryption with Koblitz's method of encoding is one of
the best encryption algorithms that provides reliable security.
Such algorithms consume additional power for encoding
and encryption, whereas our process does not consume so
much power. The plot given in Fig. 4 shows the time consumed
for encryption for various lengths of primes.



[Plot: encryption time (secs) against prime P, for Koblitz and Complex hiding]

Figure 4: Comparison between Koblitz encoding [1] and Complex
Encryption algorithm
B. Security

Though simple encryption is less secure when compared
with complex encryption, for appropriate prime lengths
the breaking process by a brute force attack can consume
hundreds of years for completion. It is almost infeasible to
attempt a brute force attack in the case of the complex encryption
process. In order to break this algorithm, an intruder requires
knowledge of the three parameters: $V_1$, $V_2$ and D.

Assumption of either of the $V_1$ and $V_2$ values requires
breaking of the ECDLP, which is almost infeasible for higher key
lengths. Since D is a step function, tracing points back from
D (if known) is also a difficult task. Also, the change in the values
$V_1$ and $V_2$ after each session adds more security for the
message. It is impossible to realize the above parameters from
any of the known ciphers.

V. Security analysis 

A. Advantages of complex encryption 

• Two keys used for encryption results in increased sample 
space of cipher text. 

• Shared secret key is calculated over the elliptic curve and
hence the private key cannot be retrieved by an attacker because
of the elliptic curve discrete logarithm problem.

• Computationally intensive elliptic curve arithmetic 
operations are carried out only for key calculation. 
Message encoding to elliptic curve is not necessary as 
in case of Koblitz's method. 

• Iterative key update assures forward secrecy. 

• Simple Ex-OR operation used for encryption and decryption 
reduces complexity. 

• Distance calculated between two secret keys is non-linear 
with keys used for encryption and decryption and hence 
improves key update mechanism. 

B. Limitations 

• Message confidentiality is reduced compared to Koblitz's
encoding because encryption does not impose the elliptic
curve discrete logarithm problem for each encryption.

• Only part of shared secret key calculated over elliptic 
curve is used for encryption and decryption. Hence, 
security provided by ECDH is not completely utilized. 

V. Conclusions 

A plaintext message DECIPHER is used for implementing
the algorithm proposed in this paper. Each character in the
message is represented by its ASCII value and then encryption
is carried out using both the algorithms. The execution time
for encoding and decoding functions is no longer required. The
execution time taken for encryption is constant for different
values of a, b, P for a particular key length. The range of message
bits that can be sent per single cipher is equal to the key
length. As the key length increases, the security also increases
exponentially due to the complexity of the ECDLP. Since this
algorithm consumes less power for encryption, it can be used
in resource constrained applications, such as WSNs. The
energy consumption due to the security overhead can be
reduced, thereby extending the life of each sensor node.